CVE-2016-6415

HIGH KEV

Cisco IKE Information Disclosure

Title source: metasploit

Description

The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 through 15.6, IOS XE through 3.18S, IOS XR 4.3.x and 5.0.x through 5.2.x, and PIX before 7.0 allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request, aka Bug IDs CSCvb29204 and CSCvb36055 or BENIGNCERTAIN.

Exploits (4)

exploitdb WORKING POC

by nixawk · pythonremotehardware

https://www.exploit-db.com/exploits/43383

View Code ZIP pw:eip

nomisec WORKING POC 11 stars

by 3ndG4me · infoleak

https://github.com/3ndG4me/CVE-2016-6415-BenignCertain-Monitor

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

infoleak

https://github.com/VirtueSecurity/benigncertain-monitor

View Code ZIP pw:eip

metasploit WORKING POC

by Nixawk · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ike/cisco_ike_benigncertain.rb

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93003

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1036841

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-6415

Scores

CVSS v3 7.5

EPSS 0.9314

EPSS Percentile 99.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2023-05-19

VulnCheck KEV 2016-09-28

InTheWild.io 2023-05-19

ENISA EUVD EUVD-2016-7338

CWE

CWE-200

Status published

Products (3)

cisco/ios 12.2 - 12.4

cisco/ios_xe < 3.18s

cisco/ios_xr 4.3.0 - 4.3.4

Published Sep 19, 2016

KEV Added May 19, 2023

Tracked Since Feb 18, 2026